Search for vulnerabilities
Vulnerability details: VCID-gudw-c2aa-aaap
Vulnerability ID VCID-gudw-c2aa-aaap
Aliases CVE-2012-2111
Summary The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2012:0533
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00390 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00553 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00553 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00553 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.00553 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
epss 0.02569 https://api.first.org/data/v1/epss?cve=CVE-2012-2111
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=813569
cvssv2 6.5 https://nvd.nist.gov/vuln/detail/CVE-2012-2111
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
http://marc.info/?l=bugtraq&m=134323086902585&w=2
http://osvdb.org/81648
http://rhn.redhat.com/errata/RHSA-2012-0533.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2111.json
https://api.first.org/data/v1/epss?cve=CVE-2012-2111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111
http://secunia.com/advisories/48976
http://secunia.com/advisories/48984
http://secunia.com/advisories/48996
http://secunia.com/advisories/48999
http://secunia.com/advisories/49017
http://secunia.com/advisories/49030
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
http://www.debian.org/security/2012/dsa-2463
http://www.mandriva.com/security/advisories?name=MDVSA-2012:067
http://www.samba.org/samba/security/CVE-2012-2111
http://www.securitytracker.com/id?1026988
http://www.ubuntu.com/usn/USN-1434-1
813569 https://bugzilla.redhat.com/show_bug.cgi?id=813569
cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*
CVE-2012-2111 https://nvd.nist.gov/vuln/detail/CVE-2012-2111
GLSA-201206-22 https://security.gentoo.org/glsa/201206-22
RHSA-2012:0533 https://access.redhat.com/errata/RHSA-2012:0533
USN-1434-1 https://usn.ubuntu.com/1434-1/
No exploits are available.
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-2111
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.73781
EPSS Score 0.00390
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.